Nano-Segmentation

CHALLENGE

Some applications are known to use large, dynamic port ranges during operation (e.g., Microsoft Active Directory). Activity from these applications can come from one or many ports in a range of thousands. To ensure security does not break application functionality, firewalls and network-based solutions must account for these dynamic port ranges and compromise security with policy that leaves the entire port range open.

SOLUTION

The unique architecture and policy model of Illumio ASP allows for real-time insights into active ports and processes on the workload, simplified policy creation that can be tied to a specific process, and adaptive segmentation that can be applied in real time down to the port level (nano-segmentation).

 

CREATE GRANULAR ADAPTIVE POLICY SIMPLY

Illumio adaptive segmentation policy is defined using declarative, natural language that is easy to create and easy for all security, infrastructure, or application teams to understand.

  • Create process-based policy with a simple, declarative natural language policy model for granular nano-segmentation.
  • Eliminate dependency on network constructs such as IP addresses, VLANs, subnets, or zones from policy creation.

SECURE WITHOUT COMPROMISING FUNCTIONALITY OR PROTECTION

Illumio collects context from each host in real time, including details on currently active ports and processes for security that adapts and eliminates the need to compromise protection in favor of application functionality.

  • Calculate the most up-to-date, relevant policy for enforcement with real-time host context.
  • Adjust enforcement automatically to provide the best protection without compromising security, even for applications with dynamic port ranges (e.g., Microsoft Active Directory).

Examples

  • Companies that want to improve security for Active Directory deployments
  • Technology companies that need to ensure protection for custom software using large dynamic port ranges
Building a Smart Segmentation Strategy Guide

How-To Guide

BUILDING A SMART SEGMENTATION STRATEGY

Use this guide to create a rock-solid micro-segmentation strategy in only five steps.

Get the guide »